Release Notes

ID 390
1 Introduction
Today, even firmware flashed into read-only memory is susceptible to exploitation by attackers who seek to expose the system to malicious activity. Although UEFI Secure Boot is effective in providing host security, it fails if the flashed firmware itself is compromised: an attacker who gains physical access to the system can tamper with the BIOS image.
To counter this boot integrity threat, Intel introduced Boot Guard technology a few years ago with its 4th generation Core processors. This root of trust is anchored in one-time programmable, read-only public keys, which malware cannot alter. When a system with Boot Guard starts, the BIOS image's cryptographic hash is verified against the stored key. If verification succeeds, the BIOS boots normally; if it fails, the BIOS image is treated as compromised and the system refuses to boot.
In addition to Boot Guard's verification mechanism, iDRAC9 4.10.10.10 provides its own Root of Trust mechanism that verifies the BIOS image at host boot time; the host boots only after the BIOS image has been validated successfully. iDRAC9 can also validate the BIOS image at run time, on demand or at user-scheduled intervals.
Silicon-based Root of Trust Domains in PowerEdge Servers with iDRAC9.
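As an added illustration of the verification chain described above (a constructed example, not Dell or Intel code), the following Python models the check: the fused value holds only a hash of the OEM public key, a signed key manifest carries that key plus the expected BIOS measurement, and the same routine serves boot-time and run-time validation. The RSA primes, key size, digest truncation, image bytes and manifest layout are all toy constructions chosen so the example runs with the standard library alone.

```python
# Toy model of a Boot Guard-style verified boot. Constructed example:
# not Dell/Intel code. An OTP fuse holds only the hash of the OEM public
# key; a signed key manifest carries that key and the BIOS measurement.
import hashlib
import hmac

E = 65537

def make_toy_key(p: int, q: int):
    # Textbook RSA from two constructed primes. Toy size only: stdlib has
    # no RSA, and real deployments use keys of at least 2048 bits.
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n.to_bytes(8, "big") + E.to_bytes(4, "big"), d, n

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def toy_sign(msg: bytes, d: int, n: int) -> int:
    # Digest truncated to 32 bits so it fits under the tiny modulus (toy).
    return pow(int.from_bytes(digest(msg)[:4], "big"), d, n)

def toy_verify(msg: bytes, sig: int, e: int, n: int) -> bool:
    return pow(sig, e, n) == int.from_bytes(digest(msg)[:4], "big")

def build_manifest(bios_image: bytes, pubkey: bytes, d: int, n: int) -> dict:
    body = pubkey + digest(bios_image)          # key || expected BIOS hash
    return {"body": body, "sig": toy_sign(body, d, n)}

def verify_boot(otp_key_hash: bytes, manifest: dict, bios_image: bytes):
    """Return (boot_allowed, reason). Also used for run-time re-validation."""
    body = manifest["body"]
    pubkey, expected = body[:12], body[12:]
    # 1. The key in the manifest must hash to the fused, immutable value.
    if not hmac.compare_digest(digest(pubkey), otp_key_hash):
        return False, "manifest key does not match fused key hash"
    n, e = int.from_bytes(pubkey[:8], "big"), int.from_bytes(pubkey[8:], "big")
    # 2. The manifest must carry a valid signature under that key.
    if not toy_verify(body, manifest["sig"], e, n):
        return False, "manifest signature invalid"
    # 3. The BIOS image in ROM must match the signed measurement.
    if not hmac.compare_digest(digest(bios_image), expected):
        return False, "BIOS image hash mismatch: boot halted"
    return True, "BIOS verified"

# Constructed OEM key and image; the fuse stores only the key hash.
OEM_PUB, OEM_D, OEM_N = make_toy_key(1000003, 1000033)
OTP_KEY_HASH = digest(OEM_PUB)
BIOS_IMAGE = b"constructed BIOS image v1.0"
MANIFEST = build_manifest(BIOS_IMAGE, OEM_PUB, OEM_D, OEM_N)

if __name__ == "__main__":
    print(verify_boot(OTP_KEY_HASH, MANIFEST, BIOS_IMAGE))
    print(verify_boot(OTP_KEY_HASH, MANIFEST, BIOS_IMAGE + b" + edit"))
```

A modified image fails step 3 even when the manifest is intact, and a manifest re-signed under a different key fails step 1 because the fused hash cannot be rewritten.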